SECURITY DEVICE TO LIMIT REMOTE ACCESS TO COMPUTERS OVER A
TELECOMMUNICATION NETWORK

This invention relates to the control of remote access to
computers over a telecommunication network.

The practice of 'computer-hacking', the gaining of
unauthorised access to a computer by persons typically using
their own computer linked through a modem to a telephone
network, has been of growing concern to businesses and
governments over recent years. The conventional way of
protecting computer systems from such access is by the use of
one or more passwords. Hackers, however, have shown
themselves expert in guessing, discovering or using computer
programs to find the correct password. Once a hacker has
gained access to a computer system the intruder is often able
to view, alter or erase private data, disrupt the normal
functioning of that system and put in place a 'back-door'. A
'back-door' is a set of instructions which tell the computer
to admit the hacker when he or she uses a particular code
regardless of any changes to the normal passwords.



This invention seeks to exclude hackers from any access to
the computer system, so that they are unable to attempt the
computer's password sequence or gain any other access,
regardless of whether or not a 'back-door' has been installed
into the system.

According to the present invention there is provided a unit
with an independent memory and capable of receiving and
recognising certain identification and communication signals
over the telecommunication network used. The unit is capable
of generating its own identification signal and random
password; able to generate dialling sequences or initiating
dialling sequences directly or indirectly to effect contact
with other users of the telecommunications network. The unit,
which may or may not be free standing, will only allow access
to or by the computer system it protects over the
telecommunications network after it has effected certain
security procedures such as or similar to those described
under the specific embodiment of the invention below. The
call back procedures are designed only to allow access to the
computer by authorised users whose details have been
preprogrammed into the unit. The indirect access procedure
is designed to limit the instructions that may be
communicated to the computer once contact has been
established. Although described together below, it is
envisaged that for certain security applications either the
call back procedures or the indirect access procedure would
alone be appropriate. In these cases, to reduce costs, units
may be supplied which are only able to perform the
appropriate tasks.

A specific embodiment of the invention will now be described
as if the telecommunications network is to be the British
Telecom telephone system. The unit has a memory containing a
library of identification signals it recognises, together
with the telephone numbers of the authorised users of those
signals and the unit's own identification signal. When the
indirect access procedure is to be used, the memory also
contains a list of those commands the computer may accept
from each user or group of users. Alterations to this
library may only be made when the correct key is inserted
into a lock in the unit, turned and remains within the unit.
Such alterations may be made by an input device, such as a
keyboard, which may be integral or external to the unit. The
unit also has a random password generator, a timing unit and
memory to store certain details of calls made to or from
other network users, such as the identification signal of the
unit or other system contacted or contact received from and
any random password transmitted or received, which will be
recorded for a limited time. In addition, the unit has a
longer term memory to record details of calls made and
received, their time, duration and the identification of
those contacted or contact received from. When the unit's
key is in place, this information may be output via an
integral or external output device, such as a printer, and
that part of the memory may be erased. This memory may also
be used to report the current operational state of the unit.

The call back security procedure the unit is designed to
effect is as follows:



Case One

When the unit receives a call from a user of
the telecommunications network who is not
using a similar unit it will receive and
record the identification signal transmitted
by the calling network user, then it will cut
or otherwise cause to be cut the communication
line. Once the caller has disconnected, or
has been disconnected, the unit will call the
number in its library corresponding to the
identification signal received. When the
connection is made the unit will then allow
the computer it protects direct or indirect
access to the communication line. If, however,
the identification received is not recognised
the unit will not attempt to make any call and
will not allow connection to the computer it
protects. If the unit calls the number in the
library and it contacts a system giving an
identification other than that of the original
caller no connection will be made.

Case Two

When the unit receives a call from a user of
the telecommunications network who is using a
similar unit it will record both the
identification signal and the random password
transmitted. The calling unit will then cut
the telephone line. The unit having received
the call will then call the telephone number
in its library corresponding to the
identification signal received. It will
transmit its own identification signal and the
random password it recorded, which it will
then erase from its memory. Assuming the unit
so contacted had placed the original call
within its pre-programmed time limit, both
units will connect their computers directly or
indirectly over the telephone line. If,
however, the identification received is not
recognised the unit will not attempt to make
any call and will not allow connection to the
computer it protects. If the unit calls the
number in the library and it contacts a system
giving an identification other than that of
the original caller no connection will be
made.

If the unit whose identification was given did
not place the call or did place the call but
the call back was not achieved within a
pre-set time limit, no connection of either
computer to the telephone lines will be made.
Case Three

The unit is instructed to call an authorised
user who does not have a similar unit. The
unit telephones the number in its library
corresponding to the user it has been asked to
contact. When it has exchanged identification
signals with the computer it has contacted,
having confirmed it is the correct machine, it
will connect its computer directly or
indirectly to the telephone line.



Case Four

The unit is instructed to call an authorised
user who does have a similar unit. The unit
telephones the number in its library
corresponding to the user it has been asked
to contact. When it has exchanged
identification signals with the unit it has
contacted, having confirmed it is the correct
machine, it will generate and transmit a
random password. It will then cut the
telephone line. For a limited time the unit
will remember both the identification signal
of the machine it called and the random
password. If the machine called then calls
back and gives its identification signal and
the random password within a pre-set time
limit the unit will allow access, either
directly or indirectly, to its computer. If
the return call does not come within the time
allowed the unit will erase its memory of the
password. If the return call then comes the
unit will treat it as if it were an
instruction to call an authorised user who has
a similar unit and repeat the steps of 'Case
Four' from the beginning.
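
The Case Two and Case Four exchange between two similar units, sketched in Python as an added example that is not part of the original specification. The unit names, the 555 numbers, the 60-second limit and the single-use handling of the password are assumptions of the example.

```python
import secrets
import time


class CallbackUnit:
    """One unit: identification library plus short-lived password memory."""

    def __init__(self, own_id, library, time_limit=60.0, clock=time.monotonic):
        self.own_id = own_id
        self.library = library        # identification signal -> phone number
        self.time_limit = time_limit  # the pre-set time limit, in seconds
        self.clock = clock            # injectable so expiry can be tested
        self.pending = {}             # peer id -> (password, deadline)

    def place_call(self, peer_id):
        """Case Four: call a listed peer, send ID + random password, hang up."""
        if peer_id not in self.library:
            raise KeyError("peer is not in the library")
        password = secrets.token_hex(8)
        self.pending[peer_id] = (password, self.clock() + self.time_limit)
        return self.own_id, password

    def receive_call(self, caller_id, password):
        """Case Two: note ID + password, then dial the library number."""
        number = self.library.get(caller_id)
        if number is None:
            return None               # unrecognised: no call back, no access
        # The password is handed back on the return call and not retained.
        return number, self.own_id, password

    def accept_return_call(self, peer_id, password):
        """Case Four, second half: admit the peer only on a timely match."""
        entry = self.pending.pop(peer_id, None)  # single use (assumption)
        if entry is None:
            return False
        expected, deadline = entry
        if self.clock() > deadline:
            return False              # too late: the password is erased
        return secrets.compare_digest(expected, password)


def demo():
    """Constructed sample: two units with made-up IDs and numbers."""
    a = CallbackUnit("UNIT-A", {"UNIT-B": "555-0102"})
    b = CallbackUnit("UNIT-B", {"UNIT-A": "555-0101"})
    sent_id, password = a.place_call("UNIT-B")
    number, b_id, echoed = b.receive_call(sent_id, password)
    return number, a.accept_return_call(b_id, echoed)
```

The number dialled on the return call always comes from the receiving unit's own library, never from anything the caller supplied.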



When the access the unit is programmed to allow to the
computer is indirect the unit will only recognise and pass on
those incoming instructions or pattern or sequence of
instructions which it has been pre-programmed to accept from
that particular authorised user. The unit would not
interfere with the transmissions made by the computer it
protects.
The indirect access feature would be especially useful when
the computer protected contains, for example, a large
data-base. Different users could be allowed to access
varying amounts or sections of information. Instructions
which might, for instance, alter the computer's programming or
access restricted data would not be recognised by the unit
and therefore not be passed on to the computer where they
could be processed.



When the unit is used to enforce the indirect access
procedure without the call back procedure in operation, the
unit would be unable to differentiate between users. In this
case it would apply a single library of acceptable
pre-programmed instructions or pattern or sequence of
instructions to all telecommunication network users.
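
One way to model the indirect access procedure, as an added Python example that is not part of the original specification; the user names and the READ/LIST command syntax are made up for illustration. It covers the per-user library and the single shared library applied when call back is not in operation.

```python
import re


class InstructionFilter:
    """Forward an inbound instruction only if the sender's library allows it."""

    def __init__(self, per_user, shared=()):
        # Patterns are compiled once; fullmatch is used below so that a
        # permitted prefix cannot carry extra text past the unit.
        self.per_user = {user: [re.compile(p) for p in patterns]
                         for user, patterns in per_user.items()}
        self.shared = [re.compile(p) for p in shared]

    def inbound(self, line, user_id=None):
        """Return the instruction to pass on, or None to drop it.

        user_id is None when call back is not in operation, in which case
        the single shared library applies to every caller.
        """
        if user_id is None:
            patterns = self.shared
        else:
            patterns = self.per_user.get(user_id, [])
        text = line.strip()
        if any(p.fullmatch(text) for p in patterns):
            return text
        return None

    @staticmethod
    def outbound(data):
        """Transmissions made by the protected computer pass untouched."""
        return data


# Constructed sample libraries: user IDs and command syntax are made up.
LIBRARY = {
    "CLERK": [r"READ STOCK \d{1,6}"],
    "MANAGER": [r"READ (STOCK|SALES) \d{1,6}", r"LIST (STOCK|SALES)"],
}
SHARED = [r"READ STOCK \d{1,6}"]


def demo():
    """Run five constructed instructions through the filter."""
    unit = InstructionFilter(LIBRARY, SHARED)
    attempts = [("CLERK", "READ STOCK 42"), ("CLERK", "READ SALES 42"),
                ("MANAGER", "READ SALES 42"), ("CLERK", "READ STOCK 42; ERASE"),
                (None, "LIST SALES")]
    return [unit.inbound(line, user) for user, line in attempts]
```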



CLAIMS

1 A computer security device with its own memory independent of
the computer it protects, connected between the computer and the
telecommunications network.

2 A computer security device as claimed in Claim 1 able to store,
generate, «-o*U~ and transmit passwords, store and transmit
telephone or other telecommunication identification signals,
t<1 a p:,-s,, i*-Uta*1«n «* cal. *«* p.o..-ecu,o.

3 A computer security device as claimed in Claim 1 or Claim 2
able to store, receive and recognise certain signals signals,
retransmitting only those which it is programmed to permit.
4 A computer security device as claimed in any preceding claim,
with an internal modem or similar device.

5 A computer security device as claimed in any preceding claim,
mounted internally to computer casing.

6 A computer security device as claimed in any preceding claim
a power source with ***** or oO,, h».*»».

7 A computer security device as claimed in any preceding claim,
with an input device secured by a mechanical or electronic
locking device.

NB The word 'signals' in claim 3 was typed twice in error.



